Lucene search
K

4 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:56 a.m.10 views

Security Bulletin: Qiskit SDK Vulnerability Allows Remote Attackers to Cause Denial of Service via Maliciously Crafted QPY File

Summary A maliciously crafted QPY file containing a malformed symengine serialization stream as part of the larger QPY serialization of a ParameterExpression object can cause a segfault within the symengine library, allowing an attacker to terminate the hosting process. Vulnerability Details...

8.6CVSS8.1AI score0.0066EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2025/02/27 4:4 a.m.6 views

Denial Of Service (DoS)

qiskit is vulnerable to Denial Of Service DoS. The vulnerability is due to improper handling of malformed symengine serialization streams within QPY files, allowing an attacker to trigger a segmentation fault in the symengine library using a malicious QPY file...

8.6CVSS6.5AI score0.0066EPSS
Exploits0References5Affected Software2
Vulnrichment
Vulnrichment
added 2025/02/21 4:55 p.m.8 views

CVE-2025-1403 Qiskit SDK denial of service

Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a segfault within the symengine library...

8.6CVSS8.3AI score0.0066EPSS
Exploits0References1
CVE
CVE
added 2025/02/21 4:55 p.m.70 views

CVE-2025-1403

CVE-2025-1403 affects Qiskit SDK from 0.45.0 to 1.2.4, where a malicious QPY file with a malformed symengine serialization stream can trigger a segfault in the symengine library, enabling remote denial of service. The Red Hat, OSV, and IBM advisories confirm the vulnerability and provide remediat...

8.6CVSS8.3AI score0.0066EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder